git.onelab.eu Git - sliver-openvswitch.git/log

sparse: Support recent distributions

sparse support seems to be broken on some recent Linux distributions.
For example, ubuntu 12.04 with Linux 3.5 kernel, and Debian latest test
distribution, running Linux 3.2 kernel.

On both systems that sparse was broken, It was not able find the header files
in the default system include directories. GCC finds them by default.

This patch adds the required GCC default search path when running sparse.

Tested on:

Ubuntu 12.04 - w/ linux 3.5 kernel
Debian-6 March test distribution - w/ linux 3.2 kernel

Signed-off-by: Andy Zhou <azhou@nicira.com>
[blp@nicira.com also tested on Debian squeeze and wheezy (testing)]
Signed-off-by: Ben Pfaff <blp@nicira.com>

python: fix a typo error in python/ovs/socket_util.py.

The commit 89d7ffa9 (python: Workaround UNIX socket path
length limits), fixes most failed tests. But it has a
typo and the typo causes the failure of test <unixctl
server errors - Python> when the path length is very
long (e.g. more than 90 characters).

This patch fixes the above issue.

Signed-off-by: Alex Wang <alexw@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Correctly implement the OpenFlow 1.2+ OXM_OF_IP_DSCP field.

NXM puts the DSCP value in bits 2-7 of NXM_OF_IP_TOS.
OXM puts the DSCP value in bits 0-6 of OXM_OF_IP_DSCP.

Before this commit, Open vSwitch incorrectly implemented OXM_OF_IP_DSCP
with the same format as NXM_OF_IP_TOS. This commit fixes the problem and
adds a test (previously missing but I don't know why).

Reported-by: Hiroshi Miyata <miyahiro.dazu@gmail.com>
Tested-by: Hiroshi Miyata <miyahiro.dazu@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

INSTALL.XenServer: Add a note for tunnel firewall rules.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

rhel: Remove the firewall hole that we create for GRE.

Till now, by default, we add firewall holes for
gre traffic. There may be users that do not use GRE tunnels
and they may be surprised with this behavior. So, don't add
the firewall rules by default and update the documentation
to mention the same.

This patch does not remove the default GRE firewall rule for
xenserver because xenserver has a feature called "Cross-Host
Internal Networks" (CHIN) that uses GRE.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

Revert "rhel, xenserver: Punch holes through firewall for VXLAN."

This reverts commit 5902b4ed6.

For end users that do not plan to use tunnels or use only selected
tunnels, it probably is a bad idea to punch firewall holes by default.
Opening holes like this may surprise the user.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

list: Style fixes.

Signed-off-by: Ben Pfaff <blp@nicira.com>

python/ovs/poller.py: workaround an eventlet bug

Signed-off-by: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Signed-off-by: Ben Pfaff <blp@nicira.com>

debian: build with debugging symbol

Signed-off-by: Zang MingJie <zealot0630@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

INSTALL: Admit that only GNU make works.

I promised some time ago to take a look at fixing the behavior of the
Makefiles with non-GNU make, but it doesn't realistically seem that I will.

CC: Ed Maste <emaste@freebsd.org>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Remove vport->linkname

This field is no longer used in datapath.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Simplify datapath locking.

Currently OVS uses combination of genl and rtnl lock to protect
datapath state. This was done due to networking stack locking.
But this has complicated locking and there are few lock ordering
issues with new tunneling protocols.
Following patch simplifies locking by introducing new ovs mutex
and now this lock is used to protect entire ovs state.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

datapath: Add workqueue API to ovs compat workqueue.

Add work-queue api which are required for next commit.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

ovs-vsctl: Fix a segfault.

The following two commands results in a ovs-vsctl segfault.
ovs-vsctl -vfatal_signal:off --timeout=0 wait-until \
Open_vswitch . external_ids:blah="1"
/etc/init.d/openvswitch-switch restart

This patch fixes the segfault by properly setting the global
varibale, the_idl_txn to NULL when the underlying memory is
freed.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-ctl.in: Merge a single line function.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

tests: Add test for ovs-vswitchd regression with empty db.

Signed-off-by: Ben Pfaff <blp@nicira.com>

AUTHORS: Add Ansis Atteka.

I do not understand how this omission has gone on so long.

CC: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

bridge: Complete initial configuration even with empty database.

If the database was empty, that is, it did not even contain an Open_vSwitch
top-level configuration record, at ovs-vswitchd startup time, then
OVS failed to detach and used 100% CPU. This commit fixes the problem.

This problem was introduced by commit 63ff04e82623e765 (bridge: Only
complete daemonization after db commits initial config.).

This problem did not manifest if the initscripts supplied with Open vSwitch
were used, because those initscripts always initialize the database before
starting ovs-vswitchd, so this problem affects only users with hand-rolled
local OVS startup scripts.

Bug #16090.
Reported-by: Pravin Shelar <pshelar@nicira.com>
Tested-by: Pravin Shelar <pshelar@nicira.com>
Reported-by: Paul Ingram <paul@nicira.com>
Reported-by: Amre Shakimov <ashakimov@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>

memory: Avoid 100% CPU when there is nothing to report.

Commit b9de4087685 (memory: Avoid an empty log message if there's nothing
to log.) introduced a 100% CPU usage condition when there is nothing to
log. This fixes the problem.

Reported-by: Ansis Atteka <aatteka@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

netlink-socket: Don't bother logging SO_RCVBUFFORCE failure

This patch fixes tests when they are run with "fakeroot debian/rules binary"
command.

The problem was that under fakeroot setsockopt() call could still return
EPERM and lead to a warning message being logged.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>

bridge: Only complete daemonization after db commits initial config.

An earlier commit changed the Open vSwitch startup scripts so that they
connect to remote managers only after ovs-vswitchd does its initial
configuration, as signaled by ovs-vswitchd detaching from its parent
process.  However, a race window remains, because ovs-vswitchd detaching
does not mean that the database server has received and committed the
transaction, only that ovs-vswitchd has sent it.  This commit fixes that
race window, by changing ovs-vswitchd to complete detaching only after
the database server acknowledges the transaction.

It is still possible for unusual events to cause ovs-vswitchd to detach
before ephemeral columns are filled in.  There is always a slim possibility
that the transaction will fail or that some other client has added new
bridges, ports, etc. while ovs-vswitchd was configuring using an old
configuration.  The latter race is inherent to the design of the system
and cannot be avoided without radical changes.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
Bug #15983.

ovs-ctl: Connect to remote OVSDB managers only after ovs-vswitchd starts.

Until now, ovs-ctl has started ovsdb-server with the full set of remote
managers configured.  This means that ovsdb-server immediately connects to
these managers, before ovs-vswitchd even starts.  Because the Open vSwitch
schema has several ephemeral columns, there will be considerable startup
churn in the database.   For example, ovs-vswitchd will initially fill in
the datapath-id and ofport columns as it starts and sets up the initial
configuration.  This churn wastes bandwidth to the remote managers and has
potential for confusing them.

This commit reduces the churn by changing ovs-ctl so that ovsdb-server
connects to the remote managers only after ovs-vswitchd has finished its
initial configuration.  This means that remote managers will initially
see a filled-in database, not one that has its ephemeral columns empty.

This commit does not mean that managers can ignore the possibility that
some columns have not yet been filled in.  For example, some columns will
still be briefly blank after a new bridge or a new port is added at
runtime, because adding a bridge or port occurs in one transaction (made by
the client adding the port, e.g. ovs-vsctl) and filling in those columns
happens in a different transaction (made by ovs-vswitchd).  But this commit
does reduce the quantity of empty columns that I would expect a database
client to observe in practice.

Reported-by: Jeff Merrick <jmerrick@vmware.com>
CC: Amar Padmanabhan <amar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>
Bug #15983.

ovsdb-server: Add commands for adding and removing remotes at runtime.

This will make it possible, in later commits, to make ovsdb-server connect
to OVS managers only after ovs-vswitchd has completed its initial
configuration.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>

ovsdb-server: Refactor parsing of remote names to avoid ovs_fatal().

The current users of parse_db_column() are content to terminate with a
fatal error if parsing fails. An upcoming commit requires more flexibility,
so this commit refactors parse_db_column() to make this possible.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>

sset: New function sset_sort().

This will have its first caller in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ansis Atteka <aatteka@nicira.com>

datapath.h Fix a stale comment.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

dpif-linux: Reset epoll() on channel deletion.

The list of epoll events contains references to channels which may
be stale when one of those channels is deleted. The safest thing
to do is simply refresh epoll() whenever a channel is deleted.

Bug #16057.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

tests: Add test-sflow to .gitignore.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

Remove unused struct xlate_reg_state definition.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

rhel, xenserver: Punch holes through firewall for VXLAN.

Bug #15518.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

python.ovs.db.idl: Fix Row.delete() of a row already committed to the db.

Row.delete() handled the case of deleting a row that was added within the
current transaction, but not yet committed, but it did not correctly handle
the case of deleting a row that belonged to the database before the
transaction started. This fixes the problem.

Reported-by: Yeming Zhao <zhaoyeming@gmail.com>
Tested-by: Yeming Zhao <zhaoyeming@gmail.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-lib: Do not tee the ovs-ctl o/p in case of strace.

Running the OVS daemons with strace option enabled
will block if we pipe the output. We use tee
to log the output of ovs-ctl to ovs-ctl.log

This patch disables the startup script logging when we run the
OVS daemons with the strace option.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ofproto-dpif: Disable miss handling in rule_get_stats().

rule_get_stats() is often called when iterating over every rule in
the flow table. To ensure up-to-date statistics, rule_get_stats()
calls push_all_stats() which can cause flow misses to be handled.
When using the learn action, this can cause rules to be added (and
potentially removed) from the OpenFlow table. This could corrupt
the caller's data structures, leading to a segmentation fault.
This patch fixes the issue by disabling flow miss handling from
within rule_get_stats().

Bug #15999.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

vlog: extend syslog format to make OVS logs easier to filter

Prepend "ovs|" to syslog logs to make them easier to filter out of all
LOG_DAEMON logs.

Signed-off-by: Romain Lenglet <rlenglet@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-appctl: dpif/show display bug fix

Fixes a bug where per ofproto moving average stats did not update
when there is no active dp flows.

Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Justin Pettit <jpettit@nicira.com>

tests/lacp.at: Fix comment.

Fix residue from an earlier patch.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

memory: Avoid an empty log message if there's nothing to log.

I spotted this in a case where I ran ovsdb-server, by hand, on an empty
database.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Don't insert empty OVS_VPORT_ATTR_OPTIONS attribute

The port specific options are currently unused resulting in an
empty OVS_VPORT_ATTR_OPTIONS nested attribute being inserted
into every OVS_VPORT_CMD_GET message.

Don't insert OVS_VPORT_ATTR_OPTIONS if no options are present.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
[jesse: Options are used by tunnels but the concept still applies.]
Signed-off-by: Jesse Gross <jesse@nicira.com>

ofproto-dpif: Don't rate limit facet_learn() with fin_timeouts.

In the standard case, rate limiting facet_learn() to once ever
500ms, makes sense. The worst that can happen is a learning entry
is expired half a second to early. However, when using
fin_timeouts, we really need react quickly to delete the newly
stale flow.

Bug #15915.
Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto: Increase default flow-eviction-threshold.

The flow-eviction-threshold presents a trade off between the
expense of maintaining large numbers of datapath flows, and the
benefit of avoid unnecessary flow misses. In some large Open
vSwitch deployments, we've seen the previous default flow eviction
threshold negatively impact performance with reasonably typical
traffic patterns. This patch increases the default to a level
which should represent a better trade off: still relatively safe,
but much more amenable to large numbers of long lived flows.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Push statistics less frequently.

The most natural place to push facet statistics is in
update_stats() where they're pulled from the datapath. However,
under load, update_stats() can be called as many as 10 times per
second causing us to push statistics so frequently it hurts
performance. By pushing statistics much less frequently, this
patch generates a roughly 8% improvement in TCP_CRR performance.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Run fast internally.

ofproto-dpif is responsible for quite a few book keeping tasks in
addition to handling flow misses.  Many of these tasks (flow
expiration, flow revalidation, etc) can take many hundreds of
milliseconds, during which no misses can be handled.  The ideal
long term solution to this problem, is to isolate flow miss
handling into it's own thread.  However, for now this patch
provides a 5% increase in TCP_CRR performance, and smooths out
results during revalidations.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Systematically push stats upon request.

Commit bf1e8ff (ofproto-dpif: Push statistics in rule_get_stats()),
started down the road towards pushing stats on demand, but it
didn't go quite far enough. First, it neglected to push stats in
port_get_stats() and mirror_get_stats(). Second, it only pushes
stats for a single ofproto, making it incomplete when patch ports
are used.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

netdev: Remove netdev_is_open(), which has no users.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

netdev: Remove netdev_exists(), which has no users.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

rhel: Add depmod.d conf file for rhel6 kmod package.

It looks like for Centos6.4, there is an upstream openvswitch
kernel module already installed. When we try to install kmod-openvswitch
package from this tree's pre-1.10 branches, we get the following warning:
"brcompat.ko needs unknown symbol ovs_dp_ioctl_hook".

Also, after installing the kmod-openvswitch package, if we run
"modprobe openvswitch", the upstream kernel module gets loaded.
We should instead load the kernel module compiled from this tree.

This patch fixes both the above issues.

Bug #15829.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

jsonrpc-server: Disconnect connections that queue too much data.

Consider this situation:

    * OVSDB client A executes transactions very quickly for a long time.

    * OVSDB client B monitors the tables that A modifies, but (either
      because B is connected over a slow network, or because B is slow to
      process updates) cannot keep up.

In this situation, the data that ovsdb-server has queued to send B grows
without bound and eventually ovsdb-server runs out of memory.  This commit
avoids the problem by noticing that more data is queued to B than necessary
to express the whole contents of the database and dropping the connection
to B.  When B reconnects later, it can then fetch the contents of the
database using less data than was previously queued to it.

(This is not entirely hypothetical.  We have seen this behavior in
intentional stress tests.)

Bug #15637.
Reported-by: Jeff Merrick <jmerrick@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovsdb-data: New functions for predicting serialized length of data.

These will be used for the first time in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>

json: New function json_serialized_length().

This will be used for the first time in an upcoming commit.

Signed-off-by: Ben Pfaff <blp@nicira.com>

tests: Add sFlow test.

This patch adds an sFlow test to the test suite.

I have only tested this on a Fedora 17 OS.

Signed-off-by: Neil Mckee <neil.mckee@inmon.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Use ETH_ALEN to define ethernet addresses

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Provide simple version of if_ether.h on non-Linux systems.

Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Move common genl notify code into ovs_notify()

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Refine Netlink message size calculation and kill FLOW_BUFSIZE

Kills the FLOW_BUFSIZE constant which needs to be calculated manually
and replaces it with key_attr_size() based on nla_total_size().
Calculates the size of datapath messages instead of relying on
NLMSG_DEFAULT_SIZE and moves the existing message size calculations
into own functions for clarity.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Use nla_memcpy() to memcpy() data from attributes

Less error prone as it takes into account the length of both the
destination buffer and the source attribute and documents when
data is copied from an attribute.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Specify the minimal length of OVS_PACKET_ATTR_PACKET in the policy

Specifying the minimal length in the policy makes it reuseable
and documents the interface.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jesse Gross <jesse@nicira.com>

lacp: Stop time to avoid dependency on real time in negotiation test.

Commit f3103dfa00d (lacp.at: Change timing of lacp - negotiation test)
fixed test failures for the lacp negotiation test on some systems, but
made it crop up on others where it hadn't appeared before.

My guess is that this commit is the real fix. If it isn't, then we
will probably just have to remove the test or disable it, much as I
hate doing that.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: net: add ETH_P_802_3_MIN

Add a new constant ETH_P_802_3_MIN, the minimum ethernet type for
an 802.3 frame. Frames with a lower value in the ethernet type field
are Ethernet II.

Also update all the users of this value that David Miller and
I could find to use the new constant.

Also correct a bug in util.c. The comparison with ETH_P_802_3_MIN
should be >= not >.

As suggested by Jesse Gross.

Compile tested only.

Cc: David Miller <davem@davemloft.net>
Cc: Jesse Gross <jesse@nicira.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Cc: John W. Linville <linville@tuxdriver.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Bart De Schuymer <bart.de.schuymer@pandora.be>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Cc: linux-bluetooth@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org
Cc: bridge@lists.linux-foundation.org
Cc: linux-wireless@vger.kernel.org
Cc: linux1394-devel@lists.sourceforge.net
Cc: linux-media@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: dev@openvswitch.org
Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Acked-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>

lacp.at: Change timing of lacp - negotiation test

The "lacp - negotiation" test (# 3) used to always fail when running
multiple tests in parallel (-j2). The reduced simulated wait time
(from 4 seconds to 2.5 seconds) seems to still give the expected result,
and works also when running multiple tests in parallel.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

openflow-1.3.h: Fix spelling error

Fix spelling error in enum ofp13_action_type.

Reported-by: Markus Linnakangas <markus.linnakangas@tieto.com>
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

FAQ: Fix spelling of OpenFlow versions in example.

OpenFlow version strings in the database are case sensitive.

Reported-by: Markus Linnakangas <markus.linnakangas@tieto.com>
Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif.at: Fix timing issue in show rates test.

Fix a test failure due to timing differences in different test runs.

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-lib: Wait for a longer time after SIGKILL.

Currently, when we stop a daemon, we first send it SIGTERM.
If SIGTERM did not work within ~5 seconds, we send a SIGKILL.
After sending SIGKILL, we wait only for 4 seconds, before giving
up.

If the system is extremely busy, there is a chance that a
process is not killed by the kernel within 4 seconds. In such
a case, when we try to start the daemon immediately, we see that
the pid inside the pid-file is valid and assume that the daemon
is still running. This leaves us in a state, where the daemon is
actually not running.

This patch increases the time waiting for the kernel to kill the
process to 60 seconds.

Bug #15404.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ofproto-dpif: Keep track of exact-match flow info

This patch adds more flow related stats to the output of
"ovs-appctl dpif/show". Specifically, the follow information
are added per ofproto:

- Max flow table size
- Average flow table size
- Average flow table add rate
- Average flow table delete rate
- Average flow entry life in milliseconds

Feature #15366

Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovsdb: Remove prototypes for unimplemented functions.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: Rate limit calls to facet_learn().

In the TCP_CRR benchmark, ovs-vswitchd spends so much time in
update_stats() that it has a significant impact on flow setup
performance. Further work is needed in this area, but for now,
simply rate limiting facet_learn() has a roughly 10% improvement
with complex flow tables.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

ofproto-dpif: Rate limit facet_check_consistency()

With complex flow tables, facet_check_consistency() can be
expensive enough to show up in flow setup performance benchmarks.
In my testing this patch gives us a roughly 10% improvement in
TCP_CRR and ovs-benchmark.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

datapath: correct an invalid BUG_ON

table->count is uint32_t

Signed-off-by: Hong Zhiguo <honkiko@gmail.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Fix IP ID setting.

Eliminate the extra call to ip_select_ident(), and place the
__ip_select_ident() call where the ip_select_ident() call was.
This fixes two problems: Before, the call to ip_select_ident() did
always zero out the value set earlier by __ip_select_ident(). Also,
when __ip_select_ident() was called before setting the iph->daddr,
ident calculation was possibly based on uninitialized data (but as
the result was masked by the later call to ip_select_ident() it was
not visible).

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Factor out common code from *_build_header() to ovs_tnl_send().

Signed-off-by: Jarno Rajahalme <jarno.rajahalme@nsn.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath: Preallocate reply skb in ovs_vport_cmd_set().

Allocation of the Netlink notification skb can potentially fail
after changing vport configuration. In general, we try to avoid
this by undoing any change we made but that is difficult for existing
objects. This avoids the problem by preallocating the buffer (which
is fixed size).

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

vswitchd: Document coverage/show command.

coverage/show command documentation is currently missing
from ovs-vswitchd's man page.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

xenserver: Add information about some bugtool scripts.

The README file in xenserver directory currently misses information
about a few bugtool scripts. Add them.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-bugtool: Add ovs-appctl dpif commands to debug bundle.

With single datapath, 'ovs-dpctl dump-flows ' dumps datapath flows for
all the userspace bridges in a system. It can get a little harder
to figure out the datapath flows belonging to a particular userspace
bridge.

This patch adds the 'ovs-appctl dpif/show' and 'ovs-appctl dpif/dump-flows'
output for each userspace bridge. This gives us a summary of configured
datapaths and all datapath flow entries for each bridge separately.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-bugtool: Add iptables output for all tables.

Currently we list all the rules only from the 'filter' table.
Include the rules from all the other tables too.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

odp-utils: Fix memory corruption while flow parsing.

Currently, when flow attribute type is greater than OVS_KEY_ATTR_MAX,
we can write into a random memory address causing corruption. Fix it.

Bug #15702.
Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ofproto-dpif: Push statistics in rule_get_stats().

As time goes on, and flow tables become more complicated, the
tradeoff between keeping up to date statistics, and the CPU
resources needed to maintain them, will become more important.
Commit 5c0243a (ofproto-dpif: xlate actions once with subfacets.)
delayed the reporting of some statistics in an effort to achieve
higher flow setup performance. Future commits will continue in the
same direction.

This patch helps to alleviate the issue, by pushing statistics
rule_get_stats(), when users actually want them. Presumably, this
happens rarely, and thus will not have a negative impact on
ovs-vswitchd performance.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

extract-ofp-errors: Make Python 3 compatible.

extract-ofp-errors doesn't work with python 3 for the
following reasons:

- several "SyntaxError: invalid syntax":
print not a keyword anymore. As a function it requires '()'
- AttributeError: 'dict' object has no attribute 'itervalues'
Use values() instead.

Test done:
Generate using ofp-errors.inc as a reference
Patch for python 3, then regenerate ofp-errors.inc
Diff between the two outputs.

Signed-off-by: Damien Millescamps <damien.millescamps@6wind.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

FAQ: Change stray triple-blank line to double-blank line for consistency.

Reported-by: Reid Price <rprice@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ovs-bugtool: Add ovs-ofctl commands to bugtool plugin scripts.

This patch adds two new scripts that run "ovs-ofctl show" and
"ovs-ofctl dump-flows" on each bridge.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

ovs-bugtool: Remove calls of ovs-ofctl on ovs-system.

With single datapath, making ovs-ofctl calls on ovs-system
does not give the necessary o/p. This patch removes those calls.

The next patch adds the correct commands to bugtool plugin scripts.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

nicira-ext: Fix comment on NXAST_STACK_PUSH and NXAST_STACK_POP.

CC: Pankaj Thakkar <pthakkar@vmware.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

ofproto-dpif: xlate actions once with subfacets.

Before this patch, when ofproto-dpif decided that a particular flow
miss needed a facet, it would do action translation multiple times.
Once in subfacet_make_actions(), and once per packet in
subfacet_update_stats().  In the common case (once per miss), this
would double the amount of work required in xlate_actions().

The call to facet_push_stats() in subfacet_update_stats() is
unnecessary.  If the packets are simply accounted to the facet,
they will eventually be pushed to the relevant rules in
update_stats() or when the facet is removed.   Removing the
unnecessary step gives us a 20% improvement of the netperf TCP_CRR
benchmark with the complex flow tables installed by our controller.

Signed-off-by: Ethan Jackson <ethan@nicira.com>

mpls: Allow l3 and l4 actions to prior to a push_mpls action

* Update the order in which actions are committed and thus
  appear in the datapath such that MPLS actions appear after
  l3 and l4 (nw and port) actions.

  In the case where an mpls_push action is present it should ensure
  that l3 and l4 actions occur first, which seems logical as
  once a mpls_push has occur the frame will be MPLS rather
  than IPv4 or IPv6.

  In the case where there is an mpls_pop action is present this should
  not make any difference as the frame will have been MPLS to start with
  and thus not satisfy the pre-requisites for  l3 or l4 actions.

* Update commit_set_nw_action() to use the base ethertype when considering
  eligibility to commit l3 (nw) actions. This allows l3 actions to be
  applied so long as the frame was originally IPv4 or IPv6, even if
  an mpls_push action will be applied and thus flow indicates the
  frame will be MPLS.

* Make actions that may modify port or network information conditional on
  the flow's ethernet type being an IP ethernet type. This is to ensure
  that actions that modify network and port information do not occur
  on non IP packets, for example if an mpls_push action has changed a
  packet from IP to MPLS.

  Note that modification of network data is already prevented by
  virtue of commit_set_nw_action() only having cases for when the
  ethernet type of the flow is  IPV4 or IPV6. The conditionality
  of network actions on the ethernet type has been added to
  do_xlate_actions() to make it explicit.

* Add a check to commit_set_port_action() to ensure that the base
  flow is IP. This protects against the case where move_reg is used
  to change transport ports after an MPLS header is pushed.

Signed-off-by: Simon Horman <horms@verge.net.au>
[jesse: Add check for an IP protocol when committing L4 actions.]
Signed-off-by: Jesse Gross <jesse@nicira.com>

configure: Only link against libpcap on FreeBSD.

On other platforms there is no benefit to linking against libpcap, because
it is not used.

Signed-off-by: Ben Pfaff <blp@nicira.com>
CC: Ed Maste <emaste@freebsd.org>

bridge: Rate-limit updates to "instant stats".

Some information in the database must be kept as up-to-date as
possible to allow controllers to respond rapidly to network outages.
We call these statistics "instant" stats.

Until now, the instant stats have been updated on every trip through
the main loop.  This work scales with the number of interfaces that
ovs-vswitchd manages.  With CFM enabled on 5000 interfaces, even with
a low transmission rate, we see ovs-vswitchd using 100% CPU just to
maintain statistics, even with no actual changes.

This commit rate-limits updates to instant stats to at most 10 times
per second.  Earlier tests I did with similar patches showed a major
reduction in CPU usage.  I have not rerun those tests with this patch,
but I expect that the CPU usage should similarly decline.

CC: Ram Jothikumar <rjothikumar@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

datapath: Remove checks for preinitialized flow.

Header caching used to store a precomputed flow along with the skb
but no longer exists. There were a few remaining checks for those
flows, which this removes. It simplifies the code slightly and brings
us closer to upstream.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

debian: Re-add --timeout option for ifupdown script.

Commit fba6bd1d3f(ovs-vsctl: Try connecting only once for active connections..)
removed the timeout option from ifupdown.sh. Removing the "--timeout=" option
can cause ifupdown script to hang if ovs-vswitchd is not running and ifupdown
script changes the OVSDB. So, re-add it.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

rhel: Set STP of a bridge during bridge creation.

This patch sets the value of STP (if provided) at the same
time of bridge creation. This eliminates an extra ovs-vsctl call
and does not let ovs-vswitchd run briefly with STP not enabled.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

rhel: Prevent duplicate ifup calls.

When we configure OVS using rhel ifupdown scripts,
we call ifup on a bridge twice. Once while configuring the
bridge and once while configuring the ports of the bridge.
This looks harmless but unnecessary. This patch fixes the
behavior.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

NEWS: Update release for ovs-vsctl changes from post-1.10 to 1.10.

This feature was backported.

Signed-off-by: Ben Pfaff <blp@nicira.com>

ipsec: unset IPSEC_MARK flag from skb_mark after tunnel packet is decapsulated

After tunnel packet is unencapsulated we should unset IPsec flag from
skb_mark.

Otherwise, IPsec policies would be applied one more time on internal
interfaces, if there is one. This is especially necessary after we
will introduce global, low-priority IPsec drop policy that will make
sure that we never let through marked but unencrypted packets.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Issue: 15074

ovs-vsctl: Try connecting only once for active connections by default.

Until now, ovs-vsctl has kept trying to the database server until it
succeeded or the timeout expired (if one was specified with --timeout).
This meant that if ovsdb-server wasn't running, then ovs-vsctl would hang.
The result was that almost every ovs-vsctl invocation in scripts specified
a timeout on the off-chance that the database server might not be running.
But it's difficult to choose a good timeout.  A timeout that is too short
can cause spurious failures.  A timeout that is too long causes long delays
if the server really isn't running.

This commit should alleviate this problem.  It changes ovs-vsctl's behavior
so that, if it fails to connect to the server, it exits unsuccessfully.
This makes --timeout obsolete for the purpose of avoiding a hang if the
database server isn't running.  (--timeout is still useful to avoid a hang
if ovsdb-server is running but ovs-vswitchd is not, for ovs-vsctl commands
that modify the database.  --no-wait also avoids that issue.)

Bug #2393.
Bug #15594.
Reported-by: Jeff Merrick <jmerrick@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Remove encal_dl_type from struct flow

There were plans to use this in conjunction with inner/outer flows,
however that plan has been changed in favour of using recirculation.
This leaves us with the current usage.

encal_dl_type is currently only used to allow decoding of packets used in
the test suite. However, this is a bit of a fudge and the packets may be
provided as hexadecimal instead.

Also remove comments from parse_l2_5_onward() relating to MPLS which are
not in keeping with the commenting throughout the rest of the function.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>

Revert "flow: Split flow_extract"

It was planned to use this code to allow further processing of packets, a
second pass done when constructing a flow. Instead it is now planned to
use recirculation to address the problems that secondary processing aimed
to resolve. As a result there are no longer plans to use
flow_extract_l3_onwards() and it seems prudent to remove it.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-dpctl: New add-flow, mod-flow, del-flow commands.

Signed-off-by: Ben Pfaff <blp@nicira.com>

datapath: Remove old patch interface definitions.

Patch ports have been completely moved to userspace at this point
but one part of the interface remained. It's no longer used by
either userspace or kernel so this deletes it.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>

datapath: Provide additional RCU backports.

A recent commit started using rcu_dereference_raw, hlist_first_rcu,
and hlist_next_rcu so this provides backports for kernels where they
don't exist.

Signed-off-by: Jesse Gross <jesse@nicira.com>

ovs-bugtool: Add ovs-ctl.log to debug bundle.

ovs-ctl.log will include the o/p of ovs-ctl when
run from rhel, debian and xenserver startup scripts.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

debian, rhel, xenserver: Ability to collect ovs-ctl logs.

We use ovs-ctl from startup scripts to start, stop, restart,
force-reload-kmod OVS daemons. ovs-ctl gives quite a descriptive
o/p while running the above commands. But the o/p goes to stdout.
Sometimes, this output is quite useful to debug issues.

With this patch, we store the o/p of ovs-ctl when called from
startup scripts in /var/log/openvswitch/ovs-ctl.log

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>